[Ans.]openssh3.5p1 version ... Password aging problem???

Peter Stuge stuge-openssh-unix-dev at cdy.org
Tue May 27 07:45:39 EST 2003


On Tue, May 13, 2003 at 07:52:25PM +1000, Darren Tucker wrote:
> The chat-script method is only applicable to SSH2 (with
> MSG_USERAUTH_PASSWD_CHANGEREQ), if you want to support changes with
> protocol 1 you still need passwd-in-session[1].  I think the argument is
> that since it's needed anyway, using it for protocol 2 as well is the
> smallest set of changes.

Absolutely.


> > My binary implementing this is currently 6384 bytes when stripped.
> 
> How many lines of code is that?  Don't forget the reason you're doing this
> is so you don't need ~160 lines of platform-specific change functions
> (that's for AIX and shadow platforms) which is 4416 bytes stripped on
> Linux/i386.

Definitions and data are 65 lines, code 95 lines. Probably 30 more lines of
code before it's done.


> [1] Someone (Frank?) proposed doing this via TIS challenge-response on
> Protocol 1.  By my reading of the RFC you only get one challenge and one
> response so in order for that to work you'd need the user to respond with
> something like "oldpassword,newpassword".  Of course, I could be wrong.

In any case, your first point is very valid.


//Peter



